If you look at the title of this blog article and aren’t sure what to…
When you think of the darknet, you think of nefarious people doing dastardly things. And if you do, you won’t be too far wrong.
The darknet instantly brings to mind criminality. As in the case of David Mitchell who has recently been jailed for 5-years because of carrying out criminal offenses helped by purchasing items on the darknet; or Mitchell buying a Glock gun and a lot of ammunition from a darknet marketplace. Other cases involve serious abuse of women and children such as the German abuse hub, ‘Elysium’ which traded in images of child abuse; the instigators now facing lengthy prison sentences.
The darknet remains, however, clouded in mystery for many of us. It seems a place that is hard to define and difficult to locate. And, if you could, would you want to enter its dark domain?
In this article, we’ll take a look at what lurks beneath the surface of the internet, but we’ll begin with how it came about in the first place.
The web we all know and love is also known as the ‘surface web’. This is because lurking below the surface is a much deeper place which includes the darknet.
The ‘darknet’ is so called because it has been built to hide portions of the Internet from everyday users. Sometimes, the darknet gets confused with the ‘deep web’, so we will discuss both here to differentiate them from one another. But first, a little history.
The idea of ‘dark’ parts of a connected network began life not long after the nascent internet.
ARPAnet or the Advanced Research Projects Agency Network, was the first network to use TCP/IP protocols; these protocols being the foundation for communications across what we now call the Internet. Alongside the sites that came under ARPAnet’s umbrella were more secretive or ‘dark’ sites. This was where the idea of having protected areas of the general Internet came from. Back in the day, this was done for pure security reasons.
From those early days, as the surface web grew, so did the dark parts of it. The darknet soon became synonymous with underground and sub-cultures and was being increasingly used to share content, often illegally.
An influential paper, published in 2002 by Microsoft employees looked at how the darknet was being used to circumvent digital right management (DRM) technologies for file sharing.
The release of The Onion Router, also known as Tor, created the darknet we know today by anonymizing a user’s access into the dark. Tor lead directly to the development of “The Silk Road”, an infamous trading platform on the darknet operated by Ross Ulbricht.
The Tor browser sits at the front of the Tor network which routes Internet traffic. When you browse for sites using Tor your activity is anonymized. Tor is associated with the darknet for this reason.
Tor, however, isn’t just used by darknet cybercriminals, it is used legitimately by journalists and anyone who wants to have anonymous browsing. In fact, organizations such as Google, Human Rights Watch, and the Electronic Frontier Foundation are fans of Tor and advocate its use, especially for those living in repressive regimes.
Once you have a Tor browser in place you can use a number of darknet browsers to search for darknet sites. Onion Link is one such browser. Sometimes people also use a VPN along with Tor to lock down anonymity as much as possible.
Image 1: FBI Closure of the Silk Road
The Silk Road was a darknet marketplace that sold anything you can think of that is illegal – guns, forged documents, drugs, you name it.
It was originally devised by Ross Ulbricht, who also called himself, Dread Pirate Roberts. The Silk Road became popular as it was well designed. Buyers and sellers could rate each other, so it had trust built into the operation of the system. Bitcoin became the payment method of choice, enabling the anonymity of the transaction. In its original guise, it was built to be a marketplace for products associated with ‘victimless crimes’. This ideology didn’t last.
In October 2013, the FBI closed the Silk Road, only for it to be re-opened as the Silk Road 2.0. After arrests in December of 2013 and 2014 of various Silk Road administrators, the silk road ideology rumbles on in various guises that come and go. Ulbricht is currently serving a life sentence in connection with the Silk Road.
Search engines do not index all there is on the Internet. There are various reasons for a site being non-indexed, including databases, unlinked sites, sites designed to be uncrawlable by web indexers, etc.
“The deep web consists of content that cannot be found or directly accessed via surface web search engines such as Google and Yahoo. Examples of deep web sites include websites that require credentials (registration and login), unlinked sites that require a direct link to access, sites that are purposefully designed to keep search crawlers out, and databases – the majority of content in the deep web.” (DarkOwl, 2017)
The darknet hides websites and tools therein, by ensuring they are not able to be found using more traditional search engines like Google, Yahoo, and Bing. Instead, to browse for darknet sites you need to install the Tor browser and use a specialist search engine, as mentioned above.
Image 2: What is the Darknet?
Research into typical activity within the darknet was recently reported in a paper from King’s College London. The study, entitled “Cryptopolitik and the Darknet” crawled and classified search results into 12 areas of activity. The results show an “overwhelming presence of illicit content on the Tor darknet”.
The sale of stolen personal data and intellectual property is another infamous use of darknet sites.
The anonymous nature of the darknet makes policing it difficult.
However, organizations like Europol are creating dedicated teams to police the darknet creating a ‘Dark Web Team’ that works with the EU and global law enforcement agencies to tackle darknet crime. New tools are being developed to help to infiltrate the darknet and draw out data that can help to identify criminals and their illicit activities.
As well as the more traditional criminal activities such as drugs and weapon sales, the darknet is also home to the world of the cybercriminal.
When we see massive data breaches, like Equifax or Ashley Madison, the stolen data, often ends up on darknet sites for sale. The data stolen in the recent Facebook breach which leaked personal details of 50 million users, ended up on a darknet site for sale. The cost of these data? Between $3 to $12. The site it was being sold on was a little like eBay, with a rating system – reminiscent of The Silk Road.
Related Post: 5 Lessons Learned from the Ashley Madison Hack
The darknet can be a dark place with sites and tools that are used to carry out criminal activities; it is a breeding ground for the cybercriminal and traditional criminal alike. The darknet is also the place to go to find Malware-as-a-Service and other tools of cybercrime. Along with those tools, it is a place to buy and sell the data that is stolen in the data breaches that are so common in the modern, hyper-connected world.
For now, it looks like the darknet is here to stay – the creators of the Silk Road may be in prison, but their legacy lives on. In our upcoming articles, we will look at the story of how data lost in breaches end up in the hands of those who dwell in the depths of the darknet. We will also look at how the darknet can offer up insight to give us intelligence in fighting cybercrime.
Meanwhile, please contact us to learn more about our darknet intelligence services. Hitachi Systems Security is proud to have partnered up with the darknet intelligence specialist DarkOwl.